Wednesday, November 07, 2007

Madsen's Lemmas (or is it Lemmi)

Paul writes about attributes and how they won't be trusted for self assertion when the value of the attributes is used to distinguish levels of service.

In the context of any given application, a Relying Party will be unwilling to accept a self-asserted identity attribute without verification if there exists the possibility of differentiated advantage to the user in claiming one value for that attribute over another.
And follows with the corollary:
For any given identity attribute, there exists an application context in which there can be differentiated advantage to the user in claiming one value for that attribute over another.

Combining the two would make one think that Paul is arguing that self asserted identity attributes will never be accepted, but I'm pretty sure he didn't mean that.

In any case, I think there's another side to this puzzle in that the self asserted attributes can be accepted and used when the result makes it useless for the user to lie about them. If I order something with Paul's credit card, name, address and phone number, it generally will be accepted, the transaction will complete, and the vendor will ship the product -- it will just end up at Paul's house rather than mine, so I won't benefit from it (but I bet Paul was surprised when those enlargement pills showed up :-)).

So I would write the lemma more along the lines of:

There exist some set of cases where a Relying Party provides such differentiated levels of service that they will require third party attestation and/or confirmation of attributes in order to enable access to such differentiated levels of service.

PS. Paul, if you need to fake your IP address to make it look like you're coming from the US, let me know... I can give you access to my proxy server (without, of course, any guarantees as to snooping on the traffic :-)).

Tags : / /


Eric Norman said...

It's Lemmings, Conor. Their purpose is to get folks to blindly follow someone that doesn't know what they're doing.

[Consider appropriate number of smileys inserted here.]

Paul Madsen said...

Point 1: I did not mean that self-asserted attributes were never appropriate. Rather that for any given attribute, sometimes self-asserted may make sense, and other times not.

Point 2: I think my defn accounts for your scenario. If the RP knows that it will ship to the address it has on file, then it may be willing to accept self-asserted credit card because it knows that the presenter, if an impostor, will not benefit.

Point 3: I don't know if Eric's comment was a dig at me or you. If the former, I'm hurt. If the latter, I see opportunity for partnership with Eric.